netlogix / nxkeycloak
TYPO3 extension for logging into the TYPO3 backend using Keycloak
Installs: 3
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 5
Forks: 0
Open Issues: 0
Type:typo3-cms-extension
Requires
- php: ^7.4 || ^8.0 || ^8.1
- league/oauth2-client: ^2.6
- typo3/cms-beuser: ^11.5
- typo3/cms-core: ^11.5
Requires (Dev)
- ext-sqlite3: *
- nimut/phpunit-merger: ^1.1
- nimut/testing-framework: ^6.0
- phpunit/phpcov: ^8.2
README
This extension allows backend logins using a keycloak server.
Features
- login via a configurable Keycloak server
- create backend user records for new users (currently admin-only)
- login existing (non-keycloak) user if email address matches
Missing Features
- terminate Keycloak session on TYPO3 logoff
- periodically check if Keycloak session is still active (and terminate TYPO3 session if not)
- fetch group config from Keycloak to create non-admin users
- fetch additional user data to decide if the user is allowed to log-in in a specific TYPO3 applications
Configuration
Keycloak
This extension needs a configured client in Keycloak. Go to your desired realm and create a new client using these configuration values:
- Client ID: create an ID and take note for later use (use e.g.
typo3
) - Client Protocol:
openid-connect
- Access Type:
confidential
- enable
Standard Flow
- add these redirect URLs:
https://<TYPO3-domain>/typo3/*
Save the client then go to Credentials
and copy the secret for later use.
TYPO3
This extension needs the following configuration values set in Install Tool:
- clientId: the ID of the client created in Keycloak
- clientSecret: the secret used to authenticate the client
- host: the host of the Keycloak server. Must include the protocol and port (e.g.
https://keycloak.netlogix.de:8080
) - realm: the realm containing user data for this application
Note: Both clientID and clientSecret can be set using environment variables (NXKEYCLOAK_CLIENTID
and NXKEYCLOAK_CLIENTSECRET
) as well.
Values set in Install Tool will be preferred in any case.